Posted on 01-24-2019 12:51 PM
Good afternoon Jamf Nation,
We’re excited to launch Jamf Connect Login 1.0.0, now integrated with Azure Active Directory and Jamf Connect Verify 1.0.0. Details about the release are below.
Please let me know if you have any questions or concerns about this release!
Login Admin Guide with Release Notes
Verify Admin Guide with Release Notes
KB Article for Deploying Jamf Connect
KB Article for Jamf Connect Verify Preference Keys
KB Article for Using authchanger with Jamf Connect
KB Article for Integrating Open ID Connect with Jamf Connect
Azure Integration Press Release
Posted on 01-24-2019 01:00 PM
Posted on 01-24-2019 01:26 PM
I'm sure I'm not the only one wondering:
What is Verify? Where is Nomad Pro/Jamf Connect Sync?
Posted on 01-24-2019 01:36 PM
Verify is for Azure. Jamf Connect Sync is specific to Okta but doesn't include as many new features as Azure (Verify) and Login at the present time.
Posted on 01-24-2019 01:51 PM
We are working on the updates for Jamf Connect Sync, but are running it through some more testing currently. Since many people already have NoMAD Pro installed we are being very careful with the upgrade workflows.
As we get closer to release we will have beta releases and more info available.
Hang in there, we haven't forgotten about you.
Posted on 01-24-2019 10:36 PM
Great news. Will there be some online product walkthrough or webinar released for this new product, as seeing something is often better than reading? :)
We are not running LDAP. Will information from Azure be able to be uploaded to Jamf with AD preference settings like full name, email, phone number, location, etc.?
Posted on 01-25-2019 09:08 AM
Jamf Connect is a welcome addition. However it would increase its usefulness massively if it was not limited to just Active Directory and Azure (AD).
Active Directory was already reasonably well supported by Apple's built-in AD client, OpenDirectory is also of course well supported by Apple's built-in OD client. Other LDAP servers are effectively not supported at all.
Yes, one can manually define field mapping for other LDAP servers, but note the use of the word "manually". Trying to use, say, FreeIPA is pretty much a lost cause; OpenLDAP is not much better, despite the fact it is a lot better known and OpenDirectory is based on it.
One of the major issues is the inability to get password reset requests to work at the login screen stage.
If Jamf Connect stepped up to the plate and provided seamless connectivity to other LDAP services especially in our case FreeIPA then I would go for it in a flash.
Note: I did manage manually to get a Mac to talk to FreeIPA, and even the creation and use of Mobile accounts, but the one thing I could not get working was login screen password reset requests. Changing the password oneself via System Preferences did work. Changing the password via System Preferences worked via a Kerberos connection, but password reset requirements at the login screen happen before the login is complete, and hence you have no Kerberos ticket at that point. With FreeIPA and OpenLDAP having no equivalent of Apple's Password Server, you are stuck.
Posted on 01-27-2019 06:03 PM
@kaylee.carlson It seems you haven't mentioned properly in the documentation that Jamf Verify is for Azure AD.
Posted on 01-30-2019 06:15 AM
Hi, any chance of a trial of this product? Still deciding on which route to take in terms of Apple Enterprise Connect or JAMF Connect.
Posted on 01-31-2019 04:31 PM
My org has local Active Directory - can we use it with that? I'm not seeing an obvious answer, but would love to explore if it's possible.
Posted on 02-01-2019 06:52 AM
@jonathanwilson You can use the open source version, NoMAD Login; that is what Jamf told me when I asked. I also, just like you, have a local AD, and I am using NoMAD Open Source found here: https://nomad.menu/support
Jamf Connect I was told is for OKTA/Azure and soon if not already for Google Secure LDAP, anyone can correct me if I am wrong!
Posted on 02-11-2019 11:59 PM
Funny I ended up here via ADPassmon, then Nomad and then Jamf Connect. Been emailing with support as we struggled with AD and certificates but from the surface it seems this product can smoothen the whole AD integration.
I see it does AD Azure, does that mean not regular AD?
Posted on 02-20-2019 05:35 AM
For local AD infrastructures NoMAD remains as the best solution for casual binding to local AD.
The Jamf Connect products use cloud IdP solutions for authentication.
We realize that a lot of folks still have local AD resources they would like to access still with local Kerberos. Jamf Connect Verify, NoMAD Pro, and the upcoming Jamf Connect Sync all allow you to authenticate to your IdP and then also retrieve local Kerberos tickets from on-prem AD.
In a nutshell:
- If you only have on-prem AD, use NoMAD solutions.
- If you only have an IdP, use Jamf Connect solutions.
- If you have IdP as your authentication source and local AD resources, use Jamf Connect solutions.
I hope this helps clear things up a bit.
Posted on 02-22-2019 05:41 PM
I'm having issues with the Okta authchanger with Jamf Connect Login. When enabled, after reboot/logout/login it just hangs with a spinning gear. The plist file has authserver set to our okta URL. Is there a step I am missing?
Posted on 03-06-2019 05:11 AM
Hi, does anyone know how to remove it from a computer? I've stupidly installed it on my own machine but don't have time to have a look at it at the moment.
Posted on 03-08-2019 09:46 AM
You can run
sudo authchanger -reset
to go back to the factory login settings.
Posted on 03-19-2019 08:55 AM
@josh.wisenbaker If you only have AzureAD, do you use Jamf Sync or Jamf Verify? If you use Jamf Verify, should you get a Kerberos ticket or not? If so, how do you set that up with AzureAD?